How to reset Mbed TLS session

Hi,

I currently have a working project with BG96, Mbed TLS and LWM2M.

I'm investigating some problems that occur when the connectivity is interrupted during TLS handshake.
If interruption happens, I use coap_security_destroy() to clear the session and call lwm2m_bootstrap() after that.
Most of the time this is ok and everything recovers just fine.

But when you interrupt the connectivity between specific packets during TLS handshake, it looks like mbed does not initiate a new TLS session.

I want to know if I need more than coap_security_destroy() to clear all TLS remnants?

What I also see in the log is that the ssl->state does not go beyond state 2, which is MBEDTLS_SSL_SERVER_HELLO (normally it goes beyond 15).
Most ssl functions also return MBEDTLS_ERR_SSL_CONN_EOF but I think it's just a waiting state, waiting for new data?

I do not know how to enable MBEDTLS logging. I just put printf statements in the SDK16 files such as ssl_tls.c and ssl_cli.c

If I look at the tcpdump, I do not see any new packets being sent from the NRF (client) to the server after the interruption.

How do I enable mbedtls logging?

  • Hi

    I will have a closer look at this, and see what I can figure out.

    However, as the nRF5 SDK 16 is an older version, and most of our LTE/NB-IoT effort is going to the nRF Connect SDK, it might take some time.

    I will return with what I can find on Wednesday.

    It is understandable if you have worked with this too long to change now.
    Even so, I will point out that the nRF Connect SDK has support for the RAK5010 board, which is an nRF52840 with a BG96 plus some more.
    If you have the time, it could be worth looking into this.
    (See nRF Connect SDK vs nRF 5 SDK for the difference between the SDKs)

    Regards,
    Sigurd Hellesvik

  • Hi

    Most ssl functions also return MBEDTLS_ERR_SSL_CONN_EOF but I think it's just a waiting state, waiting for new data?

    From this Git Issue, EOF looks like a socket is closed when you try to communicate. In the issue, it was due to an error with the certs. But it could be any other reason for closing the socket before it is done as well. I do not think EOF sounds like a waiting state.
    EOF sounds a lot like what would happen when you say "when the connectivity is interrupted during TLS handshake."

    How do I enable mbedtls logging?

    Try to enable "TLS_CONFIG_LOG_ENABLED" in sdk_config.h and "MBEDTLS_DEBUG_C" in "external/nrf_tls/mbedtls/dtls/config/nrf_dtls_config.h".

    I want to know if I need more than coap_security_destroy() to clear all TLS remnants?

    From the documentation on the DTLS Coap Client, it seems like coap_security_destroy() should be all you need:
    "The example tear down security setup with a peer when the bluetooth link is disconnected. Refer coap_security_destroy for on tearing down a DTLS session."
    However, I can not be a 100% certain this is all that is needed. I recommend that you look at the way the example does this.

    Do these answers help with your issue?

    Regards,
    Sigurd Hellesvik
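Added here as an illustration, not code from the thread or from the nRF5 SDK: once MBEDTLS_DEBUG_C is on and a debug callback prints the usual "file:line: message" lines, a short Python helper can scan that output and tell you where the client handshake stalled (the "client state: N" messages come from ssl_cli.c, and -0x7280 is MBEDTLS_ERR_SSL_CONN_EOF). The log format, the sample lines and the state numbering from Mbed TLS 2.x ssl.h are assumptions.

```python
import re

# Mbed TLS 2.x client handshake states (ssl->state), assumed from mbedtls/ssl.h
MBEDTLS_SSL_SERVER_HELLO = 2
MBEDTLS_SSL_HANDSHAKE_OVER = 16
MBEDTLS_ERR_SSL_CONN_EOF = -0x7280   # printed as "returned -29312 (-0x7280)"

STATE_RE = re.compile(r"client state: (\d+)")
RET_RE = re.compile(r"returned (-\d+)")


def analyse_handshake(log_lines):
    """Return (max_state, conn_eof_count, verdict) for one handshake attempt.

    Lines are assumed to look like '<file>:<line>: <message>', the format a
    typical mbedtls_ssl_conf_dbg() callback emits; only the message is inspected.
    """
    max_state = -1
    eof_count = 0
    for line in log_lines:
        msg = line.split(": ", 1)[-1]          # drop the 'file:line: ' prefix
        m = STATE_RE.search(msg)
        if m:
            max_state = max(max_state, int(m.group(1)))
        r = RET_RE.search(msg)
        if r and int(r.group(1)) == MBEDTLS_ERR_SSL_CONN_EOF:
            eof_count += 1
    if max_state >= MBEDTLS_SSL_HANDSHAKE_OVER:
        verdict = "completed"
    elif eof_count and max_state <= MBEDTLS_SSL_SERVER_HELLO:
        # Peer closed the transport before a ServerHello was parsed: the
        # context will not recover by itself; tear it down and start over.
        verdict = "stalled before ServerHello (transport closed)"
    else:
        verdict = "incomplete"
    return max_state, eof_count, verdict


# Constructed sample: a handshake interrupted right after ClientHello
SAMPLE_LOG = [
    "ssl_cli.c:3300: client state: 0",
    "ssl_cli.c:3300: client state: 1",
    "ssl_cli.c:0800: => write client hello",
    "ssl_cli.c:3300: client state: 2",
    "ssl_cli.c:1500: => parse server hello",
    "ssl_tls.c:2700: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)",
    "ssl_tls.c:2700: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)",
]

if __name__ == "__main__":
    print(analyse_handshake(SAMPLE_LOG))
```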
